UW Medicine Compliance
A Business Associate is an entity or individual that is not a workforce member of the University of Washington; will be or is performing a service or activity “for” or “on behalf of” the University of Washington or UW Medicine, and; the services or activities involve the use or disclosure of Protected Health Information.
To assist department managers and contract owners with meeting the Business Associate Agreement requirements, the Purchasing Departments have created these checklists to facilitate the Business Associate Agreement process:
- Business Associate Checklist for Harborview Medical Center
- Business Associate Checklist for the University of Washington
When a contract meets the Business Associate requirements, the Business Associate Agreement language can either be incorporated into the contract or added as an Addendum. The Purchasing department or the Privacy Program can assist you in meeting your requirements. The Business Associate Agreements for UW Medicine and the UW Health Care Components are available below.
If you are entering into a contract that has IT components or system, you need to also include the Data Security and Privacy Agreement (DPSA) to assist you in ensuring that the vendor is compliant with the UW Medicine Information Security Policies and the HIPAA Security Regulations.
Additionally, we have some Frequently Asked Questions in negotiating terms contained within the Business Associate Agreements.
Although the University is not required to train Business Associates on our Privacy Policies, Compliance has created a Vendor Confidentiality Agreement that managers can have employees of Business Associates sign.